Home users want ISPs to do more, survey finds

AusCERT general manager, Graham Ingram, said the decision to conduct the survey reflects a significant increase in the targeting of client computers, such as home PCs in particular.

"We see the gap as being the client and home users and understanding the environment there," said Ingram. "We've change tack; our focus is now on the gap."

Conducted by Nielsen, the survey of 1001 adult representatives from all Australian States and Territories found that confidence is high among Australian Internet users when it comes to managing the security of their home PC.

68 percent of survey respondents said they were confident or very confident about the task.

However, further analysis found that many home Internet users do not fully understand the capabilities of security technologies, which may affect their confidence level.

For example, 46 percent held incorrect assumptions about what protection SSL provides online, which could give them a false sense of security about what they do online.

"When we talk about data in transit, SSL does provide very good protection," said Kathryn Kerr, AusCERT’s manager for analysis and assessments.

"But what alot of people do not realise is that if one of those computers in the communication is compromised, then the attacker can see what the user can see because the data is captured before it's encrypted," she said.

Meanwhile, 23 percent of 1001 surveyed admitted that their home PCs had been infected with malware.

Additionally, 71 percent of the malware victims were infected with one or two pieces of malware during the last 12 months, a trend likely to continue as malware volumes continue to double or triple year on year.

“With this information, we can focus more on areas where understanding is limited or poor and help better address those areas, while reinforcing the good security practices they already understand well," said Kerr.

She added: “For anyone in the business of raising awareness about security issues among home Internet users, the results are very useful."

Furthermore, the survey found that Internet users want ISPs to be more pro-active in helping them recover from computer attacks.

AusCERT's Graham Ingram noted that this result was both “surprising and pleasing because it means that home Internet users are supportive of a layered or defence in-depth approach to security.”

Surprisingly, home users don’t mind if their Internet service is disrupted in order to control a malicious attack.

Sixty-one percent support ISPs limiting their access to the Internet if the ISP became aware their computers had become infected with serious forms of malware.

“In these cases it is not in the home Internet users’ interests, nor the interests of the Internet community more generally to allow these computers to connect to the Internet until they have been repaired,” said Ingram.

“Users can only do so much, and sometimes even their best efforts fail. Hence it is helpful if ISPs are able to step in and, in a responsible way, limit users’ access to those web sites, such as Windows Update and others as appropriate, to allow them to recover without causing the home Internet users or others more harm," he said.

Finally, the survey found that 57 percent of people didn't use anti-phishing tools. Kerr said, "when we asked why, 33 percent of those didn't know what phishing was."

security